Moodle release 3.0.3
[moodle.git] / lib / javascript.php
blob0cb40672e3f888ebcaf3cbd33e7e8cb9c0753d12
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * This file is serving optimised JS
20 * @package core_lib
21 * @copyright 2010 Petr Skoda (skodak)
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 // disable moodle specific debug messages and any errors in output,
26 // comment out when debugging or better look into error log!
27 define('NO_DEBUG_DISPLAY', true);
29 // we need just the values from config.php and minlib.php
30 define('ABORT_AFTER_CONFIG', true);
31 require('../config.php'); // this stops immediately at the beginning of lib/setup.php
32 require_once("$CFG->dirroot/lib/jslib.php");
33 require_once("$CFG->dirroot/lib/classes/minify.php");
35 if ($slashargument = min_get_slash_argument()) {
36 $slashargument = ltrim($slashargument, '/');
37 if (substr_count($slashargument, '/') < 1) {
38 header('HTTP/1.0 404 not found');
39 die('Slash argument must contain both a revision and a file path');
41 // image must be last because it may contain "/"
42 list($rev, $file) = explode('/', $slashargument, 2);
43 $rev = min_clean_param($rev, 'INT');
44 $file = '/'.min_clean_param($file, 'SAFEPATH');
46 } else {
47 $rev = min_optional_param('rev', -1, 'INT');
48 $file = min_optional_param('jsfile', '', 'RAW'); // 'file' would collide with URL rewriting!
51 // some security first - pick only files with .js extension in dirroot
52 $jsfiles = array();
53 $files = explode(',', $file);
54 foreach ($files as $fsfile) {
55 $jsfile = realpath($CFG->dirroot.$fsfile);
56 if ($jsfile === false) {
57 // does not exist
58 continue;
60 if ($CFG->dirroot === '/') {
61 // Some shared hosting sites serve files directly from '/',
62 // this is NOT supported, but at least allow JS when showing
63 // errors and warnings.
64 } else if (strpos($jsfile, $CFG->dirroot . DIRECTORY_SEPARATOR) !== 0) {
65 // hackers - not in dirroot
66 continue;
68 if (substr($jsfile, -3) !== '.js') {
69 // hackers - not a JS file
70 continue;
72 $jsfiles[] = $jsfile;
75 if (!$jsfiles) {
76 // bad luck - no valid files
77 header('HTTP/1.0 404 not found');
78 die('No valid javascript files found');
81 $etag = sha1($rev.implode(',', $jsfiles));
83 // Use the caching only for meaningful revision numbers which prevents future cache poisoning.
84 if ($rev > 0 and $rev < (time() + 60*60)) {
85 $candidate = $CFG->localcachedir.'/js/'.$etag;
87 if (file_exists($candidate)) {
88 if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
89 // we do not actually need to verify the etag value because our files
90 // never change in cache because we increment the rev parameter
91 js_send_unmodified(filemtime($candidate), $etag);
93 js_send_cached($candidate, $etag);
95 } else {
96 js_write_cache_file_content($candidate, core_minify::js_files($jsfiles));
97 // verify nothing failed in cache file creation
98 clearstatcache();
99 if (file_exists($candidate)) {
100 js_send_cached($candidate, $etag);
105 $content = '';
106 foreach ($jsfiles as $jsfile) {
107 $content .= file_get_contents($jsfile)."\n";
109 js_send_uncached($content, $etag);